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REMARKS 

The Office Action mailed March 30, 2004 has been carefully reviewed and the 
foregoing amendment and following remarks are made in consequence thereof. 

Claims 1-20 are now pending in this application. Claims 1-16 stand rejected. Claims 
17-20 have been canceled. 

The rejection of Claims 5-11 and 13-14 under 35 U.S.C. §102(b) as being anticipated 
by Kraenzel (U.S. Pat. No. 6,513,039) is respectfully traversed. The Office Action at page 4 
indicates that Claims 5-11 and 3-14 are rejected under section 102. Applicants believe that 
line includes a typographical error and have based their response on Claims 5-11 and 13-14 
being rejected under 35 U.S.C. § 102(b). 

Kraenzel describes a system for generating a profile of a network user based on an 
access control list of the network that is based on objects accessible by the user. The system 
also generates a user profile based on a user's object access privileges, generates a user profile 
based on user affinities, generates a user profile that enables users to select which user 
affinities are inserted into the profile, and generates a user profile that enables users to edit 
the profile. The system accesses a database containing one or more objects requested by a 
user, and retrieves the user's access privileges for the object(s) requested. If the user's access 
privileges meet the minimum requirements set by the object administrator, the system 
retrieves the requested object and presents the object(s) to the user. If, the user's access 
privileges do not meet the minimum requirements set by a system administrator for that 
object(s), the user may request additional privileges from the system administrator. If 
additional privileges are granted, the system retrieves and presents the requested object to the 
user. Notably, Kraenzel describes that the approval for access comes from a system 
administrator and does not describe automatically approving access based on an exception 
access rule. 

Claim 5 recites a method for managing user profile information, including managing 
access control to applications and data by implementing a level of security across the 
different applications that is the same for each application, using a web-based system that 
includes a server system coupled to a centralized interactive database and at least one client 
system wherein the method includes "providing capabilities for a user to request access to 
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information that the user currently does not have access to... tracking a status of the request 
using a tracking component coupled to the centralized interactive database... obtaining a 
decision from an owner of the data requested... if the decision is access approval, adding at 
least one of a rule and the user to the database. . .notifying the user of the decision. . .if the user 
is denied access, prompting the user to complete a request for quick approval... retrieving, 
from the centralized database, an exception access rule including pre-established 
criteria... applying the exception access rule to the completed request for quick 
approval. . .automatically approving access based on the exception access rule." 

Kraenzel does not describe nor suggest a method for managing user profile 
information including "providing capabilities for a user to request access to information that 
the user currently does not have access to, tracking a status of the request using a tracking 
component coupled to the centralized interactive database, obtaining a decision from an 
owner of the data requested, if the decision is access approval, adding at least one of a rule 
and the user to the database, notifying the user of the decision, if the user is denied access, 
prompting the user to complete a request for quick approval, retrieving, from the centralized 
database, an exception access rule including pre-established criteria, applying the exception 
access rule to the completed request for quick approval, and automatically approving access 
based on the exception access rule. 

Specifically, Kraenzel does not describe nor suggest a method that includes tracking a 
status of the request using a tracking component coupled to the centralized interactive 
database, nor if the request for data access is approved, adding at least one of a rule and the 
user to the database. Moreover, Kraenzel does not describe nor suggest a method that, if a 
user is denied access to the requested data, prompts the user to complete a request for quick 
approval, retrieves an exception access rule including pre-established criteria, from the 
centralized database, applies the exception access rule to the completed request for quick 
approval, and automatically approves access based on the exception access rule. Rather, in 
contrast to the present invention, Kraenzel describes a system that is configured such that if 
the user's access privileges do not meet the minimum requirements set by a system 
administrator for the requested object, the user may request additional privileges from the 
system administrator, rather than based on an exception access rule that has pre-established 
criteria that is retrieved from a centralized database. Accordingly, for at least the reasons set 
forth above, Claim 5 is submitted to be patentable over Kraenzel 
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Claims 6-11 and 13-14 depend from independent Claim 5. When the recitations of 
Claims 6-11 and 13-14 are considered in combination with the recitations of Claim 5, 
Applicants submit that dependent Claims 6-11 and 13-14 likewise are patentable over 
Kraenzel. 

The rejection of Claims 1 and 3-4 under 35 U.S.C. § 103 as being unpatentable over 
Kraenzel (U.S. Pat. No. 6,513,039) in view of Behera (U.S. Pat. No. 6,535,879) is 
respectfully traversed. 

Kraenzel is described above. Behera describes an access control via properties 
system that provides Access Control List (ACL) rules that are structured such that the ACL 
rules indicate the attributes that the administrator has selected for user access and specifies 
the type of access to be granted to a user which can include: read, write, or any other 
privileges that the system supports. The desired attributes that the user must have to be 
granted such access is also listed along with the attribute fieldname associated with the 
desired attributes. The directory server will match the desired attributes within the specified 
attribute fieldname with the user's attributes and allows access to the directory entry only if 
the user has the desired attribute values. Alternatively, a match function can be specified for 
the desired attributes where the directory server matches the desired attributes with the user 
and the owner of the list of attributes and allows access to the directory entry only if the both 
the user and the owner have the desired attribute values. When a user accesses a directory 
entry, the directory server selects and analyzes a specific access control command according 
to the attribute being accessed. 

Claim 1 recites a method for providing access to users based on user profiles and 
using a web-based system that includes a server system coupled to a centralized interactive 
database and at least one client system wherein the method includes "creating an electronic 
profile for a user within a centralized database... creating an electronic profile for data within 
the centralized database... establishing pre-determined rules and methodology for user 
access... making a decision with reference to the user access after completing an evaluation 
based on the electronic profiles, pre-determined rules, and operating methodology in response 
to a request from the user for access... if the user is denied access, prompting the user to 
complete a request for quick approval... retrieving, from the centralized database, an 
exception access rule including pre-established criteria... applying the exception access rule 
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to the completed request for quick approval... automatically approving access based on the 
exception access rule." 

Neither Kraenzel nor Behera, considered alone or in combination, describe or suggest 
a method for providing access to users based on user profiles that includes creating an 
electronic profile for a user within a centralized database, creating an electronic profile for 
data within the centralized database, establishing pre-determined rules and methodology for 
user access, making a decision with reference to the user access after completing an 
evaluation based on the electronic profiles, pre-determined rules, and operating methodology 
in response to a request from the user for access, if the user is denied access, prompting the 
user to complete a request for quick approval, retrieving, from the centralized database, an 
exception access rule including pre-established criteria, applying the exception access rule to 
the completed request for quick approval, automatically approving access based on the 
exception access rule. More specifically, neither Kraenzel nor Behera, considered alone or in 
combination, describe or suggest a method that includes prompting the user to complete a 
request for quick approval, retrieving, from the centralized database, an exception access rule 
including pre-established criteria, applying the exception access rule to the completed request 
for quick approval, automatically approving access based on the exception access rule. 

Rather, in contrast to the present invention, Kraenzel describes that if the user's access 
privileges do not meet the minimum requirements set by a system administrator for the 
requested object, the system determines whether the user has requested additional privileges 
from the system administrator, and if additional privileges are granted by the system 
administrator, proceeds to retrieve and present the requested object. Behera describes an 
access control via properties system that allows access to the directory entry only if the user 
has the desired attribute values. However no combination of Kraenzel and Behera describes 
or suggests prompting the user to complete a request for quick approval, retrieving, from the 
centralized database, an exception access rule including pre-established criteria, applying the 
exception access rule to the completed request for quick approval, and automatically 
approving access based on the exception access rule. 

Further, Kraenzel and Behera both describe modifying an ACL to update access 
privileges, Kraenzel describes using a user affinity determined by a user affinity object, and 
Behera describes using user attributes matched against desired attributes. Accordingly, no 
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motivation exists combine Behera and Kraenzel because the combination would make either 
or both of the patented methods described inoperable. Accordingly, no reasonable likelihood 
of success has been shown. For at least the reasons above, Applicants respectfully submit 
that Claim 1 is patentable over Kraenzel in view of Behera. 

Claims 3 and 4 depend from independent Claim 1, which is submitted to be in 
condition for allowance. When the recitations of Claims 3 and 4 are considered in 
combination with the recitations of Claim 1, Applicants submit that dependent Claims 3 and 
4 are also patentable over Kraenzel in view of Behera. 

Notwithstanding the above, the rejection of Claims 1, 3, and 4 under 35 U.S.C. § 
103(a) as being unpatentable over Kraenzel in view of Behera is further traversed on the 
grounds that the Section 103 rejection of the presently pending claims is not a proper 
rejection. Obviousness cannot be established by merely suggesting that it would have been 
obvious to one of ordinary skill in the art to modify the method of Kraenzel by applying the 
access rules to the ACL as taught by Behera. More specifically, as is well established, 
obviousness cannot be established by combining the teachings of the cited art to produce the 
claimed invention, absent some teaching, suggestion, or incentive supporting the 
combination. Rather, the present Section 103 rejection appears to be based on a combination 
of teachings selected from multiple patents in an attempt to arrive at the claimed invention. 
Specifically, Kraenzel is cited for its teaching of a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list, and Behera is 
merely cited for its teaching of a method to control access via properties system by providing 
ACL rules based on properties associated with the entries. Since there is no teaching nor 
suggestion in the cited art for the claimed combination, the Section 103 rejection appears to 
be based on a hindsight reconstruction in which isolated disclosures have been picked and 
chosen in an attempt to deprecate the present invention. Of course, such a combination is 
impermissible, and for this reason alone, Applicants respectfully request that the Section 103 
rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
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disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel method by applying the access rules to the ACL as taught by Behera in 
order to grant access to a user or a group to a particular attribute object in the database," 
suggests combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood. 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck . 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion or motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claims 1, 3, and 4 be withdrawn. 

The rejection of Claim 2 under 35 U.S. C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) in view of Behera (U.S. Pat. No. 6,535,879), CERN 
[Administrative Information Services, Oracle HR] and Lillibridge (U.S. Pat. No. 6,195,698) 
is respectfully traversed. 

Kraenzel and Behera are described above. CERN is a hardcopy of a webpage dated 
9/29/03 that lists the major functions of Oracle*HR as: personal information management, 
assignments (contracts) management, recruitment management, payroll elements 
management, absence entitlement management, career management, management of official 
documents, access rights, etc., and structures management (divisions, experiments), etc. 
Notably CERN does not describe nor suggest creating an electronic profile. 

Lillibridge describes a computerized access request method wherein a server 
computer receives an access request from a client computer. The server computer generates a 
predetermined number of random characters that are used to form a string in the server 
computer. The string is randomly modified either visually or audibly to form a riddle. The 
original string is the correct answer to the riddle. The server computer renders the riddle on 
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an output device of the client computer, and the client computer sends an answer to the 
server. The server determines if the guess is the correct answer, and if so, the access request 
is accepted. 

Claim 1 recites a method for providing access to users based on user profiles and 
using a web-based system that includes a server system coupled to a centralized interactive 
database and at least one client system wherein the method includes "creating an electronic 
profile for a user within a centralized database. . .creating an electronic profile for data within 
the centralized database... establishing pre-determined rules and methodology for user 
access... making a decision with reference to the user access after completing an evaluation 
based on the electronic profiles, pre-determined rules, and operating methodology in response 
to a request from the user for access... if the user is denied access, prompting the user to 
complete a request for quick approval... retrieving, from the centralized database, an 
exception access rule including pre-established criteria... applying the exception access rule 
to the completed request for quick approval... automatically approving access based on the 
exception access rule." 

None of Kraenzel, Behera, CERN, nor Lillibridge, considered alone or in 
combination, describe or suggest a method for providing access to users based on user 
profiles that includes creating an electronic profile for a user within a centralized database, 
creating an electronic profile for data within the centralized database, establishing pre- 
determined rules and methodology for user access, making a decision with reference to the 
user access after completing an evaluation based on the electronic profiles, pre-determined 
rules, and operating methodology in response to a request from the user for access, if the user 
is denied access, prompting the user to complete a request for quick approval, retrieving, 
from the centralized database, an exception access rule including pre-established criteria, 
applying the exception access rule to the completed request for quick approval, automatically 
approving access based on the exception access rule. 

More specifically, no combination of Kraenzel, Behera, CERN, and Lillibridge 
describes or suggests a method that includes prompting the user to complete a request for 
quick approval, retrieving, from the centralized database, an exception access rule including 
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, automatically approving access based on the exception access rule. 
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Rather, in contrast to the present invention, Kraenzel describes that if the user's access 
privileges do not meet the minimum requirements set by a system administrator for the 
requested object, the system determines whether the user has requested additional privileges 
from the system administrator, and if additional privileges are granted by the system 
administrator, proceeds to retrieve and present the requested object. Moreover, Behera 
describes an access control via properties system that allows access to the directory entry 
only if the user has the desired attribute values, CERN describes an Oracle Human Resources 
application used at CERN but, does not describe nor suggest creating an electronic profile, 
and Lillibridge describes generating a riddle and waiting for a predetermined amount of time 
for a correct response from a client system. Accordingly, none of Kraenzel, Behera, CERN, 
nor Lillibridge considered alone or in combination, describe or suggest prompting the user to 
complete a request for quick approval, retrieving, from the centralized database, an exception 
access rule including pre-established criteria, applying the exception access rule to the 
completed request for quick approval, automatically approving access based on the exception 
access rule. Accordingly, Applicants respectfully submit that Claim 1 is patentable over 
Kraenzel in view of Behera, CERN, and Lillibridge. 

Claim 2 depends from independent Claim 1, which is submitted to be in condition for 
allowance. When the recitations of Claim 2 are considered in combination with the 
recitations of Claim 1, Applicants submit that dependent Claim 2 is also patentable over 
Kraenzel in view of Behera, CERN, and Lillibridge . 

Notwithstanding the above, the rejection of Claim 2 under 35 U.S.C. § 103(a) as 
being unpatentable over Kraenzel in view of Behera, CERN, and Lillibridge is further 
traversed on the grounds that the Section 103 rejection of the presently pending claims is not 
a proper rejection. Obviousness cannot be established by merely suggesting that it would 
have been obvious to one of ordinary skill in the art to modify the methods of Kraenzel and 
Behera by using information from OHR Application and RFCA Application. Specifically, as 
is well established, obviousness cannot be established by combining the teachings of the cited 
art to produce the claimed invention, absent some teaching, suggestion, or incentive 
supporting the combination. Rather, the present Section 103 rejection appears to be based on 
a combination of teachings selected from multiple patents in an attempt to arrive at the 
claimed invention. More specifically, Kraenzel is cited for its teaching of a method for 
generating a profile of a network user based on a user's access privileges stored in an access 
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control list, Behera is merely cited for its teaching of a method to control access via 
properties system by providing ACL rules based on properties associated with the entries, 
CERN is cited for teaching an OHR application, and Lillibridge is cited for teaching a RFCA 
Application. Since there is no teaching nor suggestion in the cited art for the claimed 
combination, the Section 103 rejection appears to be based on a hindsight reconstruction in 
which isolated disclosures have been picked and chosen in an attempt to deprecate the present 
invention. Of course, such a combination is impermissible, and for this reason alone, 
Applicants respectfully request that the Section 103 rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art to modify the Kraenzel and Behera 
method by using information from OHR Application and RFCA Application to build the 
electronic profile in order to distribute object to a user or a group via IP address," suggests 
combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck , 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion nor motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 2 be withdrawn. 

The rejection of Claim 12 under 35 U.S.C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) is respectfully traversed. 
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Applicant respectfully submits that the Section 103 rejection of Claim 12 is not a 
proper rejection. The mere assertion that such an apparatus would have been obvious to one 
of ordinary skill in the art does not support a prima facie obvious rejection. Rather, each 
allegation of what would have been an obvious matter of design choice must always be 
supported by citation to some reference work recognized as standard in the pertinent art, and 
the Applicant given an opportunity to challenge the correctness of the assertion or the repute 
of the cited reference. Applicant has not been provided with the citation to any reference 
supporting the modification made in the rejection. The rejection, therefore, fails to provide 
the Applicant with a fair opportunity to respond to the rejection, and fails to provide the 
Applicant with the opportunity to challenge the correctness of the rejection. Therefore, 
Applicant respectfully request that the Section 103 rejection be withdrawn. 

Moreover, Applicant respectfully submits that obviousness cannot be established by 
merely suggesting that it would have been an obvious to one of ordinary skill in the art to 
modify Kraenzel. More specifically, it is respectfully submitted that a prima facie case of 
obviousness has not been established. As explained by the Federal Circuit, "to establish 
obviousness based on a combination of the elements disclosed in the prior art, there must be 
some motivation, suggestion or teaching of the desirability of making the specific 
combination that was made by the applicant." In re Kotzab , 54 USPQ2d 1308, 1316 (Fed. 
Cir. 2000). MPEP 2143.01. 

Moreover, the Federal Circuit has determined that: 

[I]t is impermissible to use the claimed invention as an instruction 
manual or "template" to piece together the teachings of the prior 
art so that the claimed invention is rendered obvious. This court 
has previously stated that "[o]ne cannot use hindsight 
reconstruction to pick and choose among isolated disclosures in the 
prior art to deprecate the claimed invention." In re Fitch , 23 
USPQ2d 1780, 1784 (Fed. Cir. 1992). 

Further, under Section 103, "it is impermissible ... to pick and choose from any one 
reference only so much of it as will support a given position, to the exclusion of other parts 
necessary to the full appreciation of what such reference fairly suggests to one of ordinary 
skill in the art." In re Wesslau , 147 USPQ 391, 393 (CCPA 1965). Rather, there must be 
some suggestion, outside of Applicant's disclosure, in the prior art to combine such 
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references, and a reasonable expectation of success must be both found in the prior art, and 
not based on Applicant's disclosure. In re Vaeck . 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 

In the present case, neither a suggestion nor motivation to modify the cited art, nor 
any reasonable expectation of success has been shown. Rather, because there is no teaching 
nor suggestion in the cited art for the claimed combination, the Section 103 rejection appears 
to be based on a hindsight reconstruction in which isolated portions of Groove have been 
picked and chosen in an attempt to deprecate the present invention. Of course, such a 
combination is impermissible, and for this reason alone, Applicant requests that the Section 
103 rejection of Claim 12 be withdrawn. 

Further, and to the extent understood, Kraenzel does not describe nor suggest the 
claimed modification, and as such, the presently pending claims are patentably 
distinguishable from Kraenzel. Specifically, Claim 5 recites a method for managing user 
profile information, including managing access control to applications and data by 
implementing a level of security across the different applications that is the same for each 
application, using a web-based system that includes a server system coupled to a centralized 
interactive database and at least one client system wherein the method includes "providing 
capabilities for a user to request access to information that the user currently does not have 
access to... tracking a status of the request using a tracking component coupled to the 
centralized interactive database... obtaining a decision from an owner of the data 
requested. ..if the decision is access approval, adding at least one of a rule and the user to the 
database. . .notifying the user of the decision. . .if the user is denied access, prompting the user 
to complete a request for quick approval... retrieving, from the centralized database, an 
exception access rule including pre-established criteria... applying the exception access rule 
to the completed request for quick approval... automatically approving access based on the 
exception access rule/' 

Kraenzel does not describe nor suggest a method for managing user profile 
information including "providing capabilities for a user to request access to information that 
the user currently does not have access to, tracking a status of the request using a tracking 
component coupled to the centralized interactive database, obtaining a decision from an 
owner of the data requested, if the decision is access approval, adding at least one of a rule 
and the user to the database, notifying the user of the decision, if the user is denied access, 
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prompting the user to complete a request for quick approval, retrieving, from the centralized 
database, an exception access rule including pre-established criteria, applying the exception 
access rule to the completed request for quick approval, and automatically approving access 
based on the exception access rule. Specifically, Kraenzel does not describe nor suggest a 
method that includes tracking a status of the request using a tracking component coupled to 
the centralized interactive database, nor if the request for data access is approved, adding at 
least one of a rule and the user to the database. Moreover, Kraenzel does not describe nor 
suggest a method that includes if the user is denied access to the requested data, prompting 
the user to complete a request for quick approval, retrieving, from the centralized database, 
an exception access rule including pre-established criteria, applying the exception access rule 
to the completed request for quick approval, and automatically approving access based on the 
exception access rule. Rather, in contrast to the present invention, Kraenzel describes the if 
the user's access privileges do not meet the minimum requirements set by a system 
administrator for the requested object, the user may request additional privileges from the 
system administrator, but Kraenzel does not describe nor suggest automatically approving 
access based on an exception access rule, having pre-established criteria, that is retrieved 
from a centralized database. Accordingly, for at least the reasons set forth above, Claim 5 is 
submitted to be patentable over Kraenzel 

Claim 12 depends from independent Claim 5, which is submitted to be in condition 
for allowance. When the recitations of Claim 12 are considered in combination with the 
recitations of Claim 5, Applicants submit that dependent Claim 12 is also patentable over 
Kraenzel. 

The rejection of Claim 15 under 35 U.S.C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) in view of Stockwell (U.S. Pat. No. 6,535879) is respectfully 
traversed. 

Kraenzel is described above. Stockwell describes a method of regulating data flow 
through a firewall such that an agent or application attempts assess through the firewall. To 
make an ACL check, the agent collects information about the nature of the connection. This 
information includes the source and destination IP address. The agent places this information 
into a query list. The query list contains all of the relevant information needed to make the 
ACL check. The agent then submits the query list to acid 60 and acid 60 searches for a rule 
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that matches the query list and returns a reply list. The reply list includes either "allow" or 
"deny" to indicate if the connection should be accepted or rejected. Other values in the reply 
list are side effects that change the behavior of the agent. 

Claim 5 recites a method for managing user profile information, including managing 
access control to applications and data by implementing a level of security across the 
different applications that is the same for each application, using a web-based system that 
includes a server system coupled to a centralized interactive database and at least one client 
system wherein the method includes "providing capabilities for a user to request access to 
information that the user currently does not have access to... tracking a status of the request 
using a tracking component coupled to the centralized interactive database... obtaining a 
decision from an owner of the data requested... if the decision is access approval, adding at 
least one of a rule and the user to the database. . .notifying the user of the decision. . .if the user 
is denied access, prompting the user to complete a request for quick approval... retrieving, 
from the centralized database, an exception access rule including pre-established 
criteria... applying the exception access rule to the completed request for quick 
approval. . .automatically approving access based on the exception access rule." 

Neither Kraenzel nor Stockwell, considered alone or in combination, describe or 
suggest a method for managing user profile information including "providing capabilities for 
a user to request access to information that the user currently does not have access to, 
tracking a status of the request using a tracking component coupled to the centralized 
interactive database, obtaining a decision from an owner of the data requested, if the decision 
is access approval, adding at least one of a rule and the user to the database, notifying the user 
of the decision, if the user is denied access, prompting the user to complete a request for 
quick approval, retrieving, from the centralized database, an exception access rule including 
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, and automatically approving access based on the exception access rule. 

Specifically, neither Kraenzel nor Stockwell describe or suggest a method that 
includes tracking a status of the request using a tracking component coupled to the 
centralized interactive database, nor if the request for data access is approved, adding at least 
one of a rule and the user to the database. Moreover, neither Kraenzel nor Stockwell describe 
or suggest a method that includes if the user is denied access to the requested data, prompting 
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the user to complete a request for quick approval, retrieving, from the centralized database, 
an exception access rule including pre-established criteria, applying the exception access rule 
to the completed request for quick approval, and automatically approving access based on the 
exception access rule. 

Rather, in contrast to the present invention, Kraenzel describes that if the user's access 
privileges do not meet the minimum requirements set by a system administrator for the 
requested object, the system determines whether the user has requested additional privileges 
from the system administrator, and if additional privileges are granted, proceeds to retrieve 
and present the requested object, and Stockwell describes a method of regulating data flow 
through a firewall such that an agent or application attempts assess through the firewall, but 
neither Kraenzel nor Stockwell, considered alone or in combination describes or suggests 
automatically approving access based on an exception access rule, having pre-established 
criteria, that is retrieved from a centralized database. Accordingly, Applicants respectfully 
submit that Claim 5 is patentable over Kraenzel in view of Stockwell. 

Notwithstanding the above, the rejection of Claim 15 under 35 U.S.C. § 103(a) as 
being unpatentable over Kraenzel in view of Stockwell is further traversed on the grounds 
that the Section 103 rejection of the presently pending claims is not a proper rejection. 
Obviousness cannot be established by merely suggesting that it would have been obvious to 
one of ordinary skill in the art to modify the method of Kraenzel by including a network in 
order to process the method for remote users. Specifically, as is well established, 
obviousness cannot be established by combining the teachings of the cited art to produce the 
claimed invention, absent some teaching, suggestion, or incentive supporting the 
combination. Rather, the present Section 103 rejection appears to be based on a combination 
of teachings selected from multiple patents in an attempt to arrive at the claimed invention. 
More specifically, Kraenzel is cited for its teaching of a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list, and Stockwell 
is merely cited for its teaching of a firewall-to-firewall encryption system that includes a 
workstation communicating through a firewall to an unprotected network. Since there is no 
teaching nor suggestion in the cited art for the claimed combination, the Section 103 rejection 
appears to be based on a hindsight reconstruction in which isolated disclosures have been 
picked and chosen in an attempt to deprecate the present invention. Of course, such a 
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combination is impermissible, and for this reason alone, Applicants respectfully request that 
the Section 103 rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Stockwell because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel method by including a network in order to process the method for 
remote users," suggests combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck . 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion nor motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 15 be withdrawn. 

The rejection of Claim 16 under 35 U.S.C. § 103 as being unpatentable over Behera 
(U.S. Pat. No. 6,535,879) in view of Kraenzel (U.S. Pat. No. 6,513,039) is respectfully 
traversed. 

Applicants respectfully submit that neither Behera nor Kraenzel, considered alone or 
in combination, describe or suggest the claimed invention. As discussed below, neither 
Behera nor Kraenzel, considered alone or in combination, describe or suggest establishing 
pre-determined rules and methodology for user access, making a decision with reference to 
the user access after completing an evaluation based on the electronic profiles, pre- 
determined rules, and operating methodology in response to a request from the user for 
access and if the user is denied access, prompting the user to complete a request for quick 
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approval wherein the request for quick approval is subjected to an internal exception access 
process, and quick approval is approved based on pre-established criteria. 

Behera and Kraenzel are described above. 

Claim 16 recites a database configured to be protected from access by unauthorized 
individuals by managing user and data profiles by an administrator such that the database 
provides access to users based on pre-determined rules and criteria wherein the database 
includes "data corresponding to pre-established criteria developed from access rules and 
criteria including at least one of Rule Based Access guidelines, Group Based Access 
guidelines, Search & Subscribe Utilities guidelines, Active Positioning Monitoring 
guidelines, Hard Exclusion Rules guidelines, and Access Audits guidelines... data 
corresponding to applications, including system administrator defined attributes that cross- 
references the applications profile data against unique identifiers... data corresponding to 
users, that includes a user's organization and citizenship, that cross-references the users 
profile data against unique identifiers... data corresponding to pre-determined rules and 
methodologies that facilitates accurate user access-decision making." 

Neither Behera nor Kraenzel, considered alone or in combination, describe or suggest 
a database including data corresponding to pre-established criteria developed from access 
rules and criteria, nor data corresponding to applications, including system administrator 
defined attributes that cross-references the applications profile data against unique identifiers, 
data corresponding to users, that includes a user's organization and citizenship, that cross- 
references the users profile data against unique identifiers, nor data corresponding to pre- 
determined rules and methodologies that facilitates accurate user access-decision making. 

More specifically, neither Behera nor Kraenzel, considered alone or in combination, 
describe or suggest a database that includes, data corresponding to pre-established criteria 
developed from access rules and criteria, and data corresponding to users that cross- 
references the users data against unique identifiers. Rather, in contrast to the present 
invention, Behera describes a directory server that will merely match the desired attributes 
within the specified attribute fieldname with the user's attributes and will allow access to the 
directory entry only if the user has the desired attribute values, and Kraenzel describes that if 
the user's access privileges do not meet the minimum requirements set by a system 
administrator for the requested object, the system determines whether the user has requested 



-22- 



PATENT 
Dkt. No. 13DV-13821 



additional privileges from the system administrator, and if additional privileges are granted, 
proceeds to retrieve and present the requested object. 

Notwithstanding the above, the rejection of Claim 16 under 35 U.S.C. § 103(a) as 
being unpatentable over Behera in view of Kraenzel is further traversed on the grounds that 
the Section 103 rejection of the presently pending claims is not a proper rejection. 
Obviousness cannot be established by merely suggesting that it would have been obvious to 
one of ordinary skill in the art to modify the Behera technique by using the method of access 
as taught by Kraenzel in order to process an access request of a user. More specifically, as is 
well established, obviousness cannot be established by combining the teachings of the cited 
art to produce the claimed invention, absent some teaching, suggestion, or incentive 
supporting the combination. Rather, the present Section 103 rejection appears to be based on 
a combination of teachings selected from multiple patents in an attempt to arrive at the 
claimed invention. Specifically, Behera is cited for its teaching of a LDAP as a database 
configured to be protected from access by using ACL. Kraenzel is cited for its teaching of a 
method for generating a profile of a network user based on a user's access privileges stored in 
an ACL. Since there is no teaching nor suggestion in the cited art for the claimed 
combination, the Section 103 rejection appears to be based on a hindsight reconstruction in 
which isolated disclosures have been picked and chosen in an attempt to deprecate the present 
invention. Of course, such a combination is impermissible, and for this reason alone, 
Applicants respectfully request that the Section 103 rejection be withdrawn. 

Further, Behera and Kraenzel both describe modifying an ACL to update access 
privileges, Behera describes using user attributes matched against desired attributes and 
Kraenzel describes using a user affinity determined by a user affinity object. There appears 
to be no motivation to combine Behera and Kraenzel because the combination makes either 
or both of the methods inoperable. Accordingly, no reasonable likelihood of success has 
been shown. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
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have been obvious to one of ordinary skill in the art to modify the Behera technique by using 
the method of access as taught by Kraenzel in order to process an access request of a user," 
suggests combining the features. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck , 20 U.S.P.Q.2d 1436 (Fed. Cir; 1991). 
In the present case, neither a suggestion or motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 16 be withdrawn. 

In view of the foregoing amendments and remarks, all the claims now active in this 
application are believed to be in condition for allowance. Reconsideration and favorable 
action is respectfully solicited. 
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